Misprogrammed Fake Flash/Thumb/USB Drives That Misrepresent their Size to Windows are Rampant on eBay, Slipping Into Legitimate Supplies - Massive Data Loss is Result

[TXCharlie]

I know lots of cops use thumb drives to store their reports and forms on, transfer files from their MDT's to their office computers, etc.

Well, after a friend showed me a "bad" 32GB thumb drive in which he had lost some files(apparently a well-known brand name drive that he had bought on eBay for almost $30), something struck me when I was testing it:

Windows XP said the Flash Drive was 32GB, but the actual size of the data I could write to it without corruption was much less. It turned out to be a 4GB counterfeit, mis-labeled and reprogrammed to trick the purchaser (and his computer)into thinking he was buying a 32GB drive.

What was even more insidious: If you stored 30 GB of files on it, it LOOKS like it works - If you look at the drive directory, all the files are there, and no errors pop up. They even copy off the drive - But when you compare the copied files with the original files, all of them beyond the 4GB point are corrupt, and the ones after the 4GB mark actually only contain data from the files before the 4 GB point mark.

So I searched the Internet and found that this is a rampant problem, with full-scale criminal smuggling gangs in Asia both manufacturing and selling fakes on eBay, as well as operating internationally in substituting fakes for shipments of legitimate 32GB or 64GB drives, which sell for up to 100 times as much as the fake ones are really worth.

One very informative web site - I also came across several websites like this one, which publish a bad seller list, as well as giving pointers on how to test the thumb drives.
SOSFakeFlash

There are even drives out there that are being sold as 400GB drives - I found some on a direct-to-China web site called tootoomart.com. There is no such thing as a 400GB thumb drive! The largest legitimate one I found on a manufacturer's web site was 128GB, but it costs several thousand dollars right now.

The crooks apparently have software programs which can take an obsolete but legitimate 128 MB drive, and cause it to mis-report its size to Windows. They can actually make a 128MB drive costing $1 on the mass surplus market to look like a 128GB drive costing $3,000 with a little reprogramming, re-labeling and re-packaging. The profits are so high that very sophisticated manufacturer's packaging with holograms can be duplicated.

Bottom line: If you depend on a flash drive, TEST IT BEFORE YOU USE IT!!!

It's also a good idea to verify the file data. This is best accomplished by Zipping the files, and using a program like WinZip to test the Zip file on the flask drive. There are also programs out there like "Beyond Compare", which can compare entire directory contents, but you must change the settings to verify the binary contents as well as size and date.

MS-DOS (The Windows Command Prompt) also has a file compare program called FC. Run
FC /? at the DOS prompt to see the options. You'll always want to use the /B option for binary compare like so:

FC E:\<thumb file path> C:\<original file path> /B

When you're testing thumb drives by copying and comparing files, though, keep in mind that a file cannot exceed 4GB even if the drive is > 4GB, because the FAT32 formatting is only capable of storing files less than 4GB - So I always set WinZip to split large ZIP files into 2GB files, just to be safe about going over the 4GB limit. Also remember that a 4GB thumb drive will contain more like 3.8GB, because the formatting eats up a small amount of space.

And, most important of all: Back up important files on CD, not Flash Drives, which have a limited data retention time of less than 10 years.

[Xiphos]

Did you write this or are you just passing it along?

[TXCharlie]

It's a compilation of many articles I read, plus stuff I came up with on my own.

I also discovered I have about 6 fraudulent drives I have bought on eBay over the past few months. They were sold as either 16GB or 32GB, but are actually 2 GB and 4GB respectively. I tested them on two different computers, using three different programs, all with the same results. I also copied about 8GB zip files onto the drives & back off, then compared the original & copied files byte by byte. Above the actual drive size, the files contained nothing but garbage. (normal drives throw errors after you fill the actual memory up - These don't).

I went back and nailed one seller with a bad rep, but one other one had already been delisted by eBay, and a third one's auction was too old so I couldn't comment on it.

BTW, the guy I neg-repped offered me a double refund if I would change my feedback to positive. That was after I had already collected the initial refund from him

Of course I didn't change it.

OH - I found that this test program seems to work best, because it calculates how much error-free flash memory you have on a drive: See
H2testw 1.4 – Gold Standard In Detecting USB Counterfeit Drives SOSFakeFlash

I also found that another free program, ChkFlsh, will allow you to re-partition the misprogrammed drives back to their actual size:
Repair Tool of the Week: Check Flash | Technibble

BTW, after you use the low-level patritioning and any of the testing tools, you have to re-format the drive (use FAT32).

[Shoestring]

Certain things I buy new from the store,

Electronics and gadgets is one of them!

[Xiphos]

Will a program like GParted be able to correctly partition and format them?

[MacLean]

Will a program like GParted be able to correctly partition and format them?

Only back to their original capacity.

Charlie's facts are spot on.

[Xiphos]

Only back to their original capacity.

Charlie's facts are spot on.

The original "fake" partition or the original "actual" partition sizes?

[MacLean]

The original "fake" partition or the original "actual" partition sizes?

The original hardware capacity.

[Xiphos]

The original hardware capacity.

Thanks. I use a GParted boot disk to wipe and reformat my drives and was curious if it could set these fake ones correctly.

[MacLean]

Thanks. I use a GParted boot disk to wipe and reformat my drives and was curious if it could set these fake ones correctly.

I don't see why not - GParted should correctly detect the hardware capacity.

[Xiphos]

I don't see why not - GParted should correctly detect the hardware capacity.

I figured but wasn't sure if it would be tricked by the trickery on the drive.

[Odd]

If the controller has been reprogrammed I'm thinking a disk partitioner probably won't do the trick alone.

...later...

Got thinking about it some more. Assuming the firmware flashed to the controller is functional in every way except that it is reporting too large a media size, and you know the actual media size, you should be able to create a partition of just that capacity. GParted would see a 16gig media because that's what the controller is telling it (and its job isn't to question that), but if it's really only 4, just make a 4gig partition and leave the fake area unassigned.

Though really I'd probably just do that out of curiosity, test to see if that worked, and then toss'em.

[TXCharlie]

If that doesn't work to return the partition to the correct size, ChkFlsh worked for me:
Repair Tool of the Week: Check Flash | Technibble

You can set the "Access type" to "As physical Device", then under "Action Type", you can select "Low Level Initialization".

That pops up a partition box... You just want to create one active partition, FAT32 format. you can set the size to a bit below the actual size (to allow for overhead). Press OK / Yes I think, then pull the drive out and plug it back in so Windows will read the new size.

Then go to Windows Explorer, and right-click "Format" the drive - You should see the new partition size on the format form. Just don't format your hard drive accidentally

At that point, to test it, use ChkFlsh again - Refresh the drive selection box, select the drive, and this time under Access Type select something else (to enable the start button) then select "Use temporary file". Then under Action Type, select "Write and read test". Under Test Length, you can do one pass or "Burn In". Then press Start.

I use Burn-In and let it loop overnight to make sure no errors show up on the Drive Map (yellow) - I'm glad I did that, because one of these cheap drives had intermittent errors in three or four random places - Of course, if there are still errors at the end of the drive map, all you have to do is delete & recreate a smaller partition and try it all again.

Of course, if you're only going to wind up with a 2GB drive, it would be a lot simpler to throw it away and buy a new one at a reputable dealer - But with all this going on, I'd still test it no matter where I bought it.

And oh, BTW - This false size problem isn't limited to USB thumb drives - There are also fake iPod MP3 player clones being sold that say they're 16 GB, but when you store too many songs and try to play them back, the sound files are corrupted too. I would imagine SD cards would be harder to alter, but I'd test those also.